我需要在Python中安全地存储一个用户名和密码,我有什么选择? [英] I need to securely store a username and password in Python, what are my options?
问题描述
此脚本不具有GUI,将由 cron
定期运行,因此每次输入密码它的运行解密的东西不会真的有效,我必须将用户名和密码存储在一个加密的文件或加密的SQLite数据库,这将是更好的,因为我将使用SQLite,而且我可能需要在某些时候编辑密码。此外,我可能会将整个程序包装在EXE中,因为它专门用于Windows。
如何安全地存储要通过 cron
作业定期使用的用户名和密码组合?
我推荐类似于 SSH-剂的。如果你不能直接使用ssh-agent,你可以实现类似的东西,这样你的密码只能保存在RAM中。 cron作业可以配置凭证,以便每次运行时从代理获取实际密码,使用一次,并使用 del
语句立即取消引用它。 p>
管理员仍然需要输入密码以启动ssh-agent,在启动时或任何时候,但这是一个合理的妥协,避免在任何地方存储明文密码在磁盘上。
I'm writing a small Python script which will periodically pull information from a 3rd party service using a username and password combo. I don't need to create something that is 100% bulletproof (does 100% even exist?), but I would like to involve a good measure of security so at the very least it would take a long time for someone to break it.
This script won't have a GUI and will be run periodically by cron
, so entering a password each time it's run to decrypt things won't really work, and I'll have to store the username and password in either an encrypted file or encrypted in a SQLite database, which would be preferable as I'll be using SQLite anyway, and I might need to edit the password at some point. In addition, I'll probably be wrapping the whole program in an EXE, as it's exclusively for Windows at this point.
How can I securely store the username and password combo to be used periodically via a cron
job?
I recommend a strategy similar to ssh-agent. If you can't use ssh-agent directly you could implement something like it, so that your password is only kept in RAM. The cron job could have configured credentials to get the actual password from the agent each time it runs, use it once, and de-reference it immediately using the del
statement.
The administrator still has to enter the password to start ssh-agent, at boot-time or whatever, but this is a reasonable compromise that avoids having a plain-text password stored anywhere on disk.
这篇关于我需要在Python中安全地存储一个用户名和密码,我有什么选择?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!